Enabling 4G sim on Cisco router 887 VAG - 4G

Please can someone can help me configuring Cisco 887 VAG - 4G router to enable internet through 4G (Sim Card)
Any help / advise will be appreciated.
Kind regards
AB

That is my post as well but no answer yet from any of the geek :(
I want to test 3G sim and ADSL line ------- CISCO 887. I believe there will be two different solutions.

Similar Messages

Management of integrated AP in Cisco Router 887

Hello!
I have a Cisco Router 887 here, with an integrated AP. This AP is a separate device in the router, with its own software, config, etc.
My problem I can't get the remote management of this AP to work (I'd prefer CLI, which means via SSH).
The router has a separate interface to communicate/manage with the AP:
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan100
arp timeout 0
interface Vlan100
ip address 172.22.2.1 255.255.255.0
After this initial configuration, I can login to the AP *via the router* by issuing this command:
wlan service-module wlan-ap 0 session
When I'm on the router via console, this works! But when I'm on the router via SSH, it won't work:
router#connect 172.22.2.1 2002
Trying 172.22.2.1, 2002 ...
% Connections to that host not permitted from this terminal
I'd like to configure the access to work via an SSH-session also!
My line-configs are as follows:
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class VTY.TRUSTED in
exec-timeout 120 0
transport input ssh
I tried to remove the access-class and allow every protocol (transport input all), but it didn't change it. How can I make this access to work? How can I find out what is preventing it?
*Note: The rest of this posting covers technically a different problem! I would be very happy if i had at least an answer to one of the given problems!
After failing to achieve this, I tried to tackle the problem differently. This time by configuring an IP-Adress on the AP itself, to SSH directly to it. But I also couldn't get this to work!
There is an internal data-connection between router and the integrated AP:
router:
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
AP:
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 spanning-disabled
no bridge-group 100 source-learning
interface BVI100
ip address 172.22.2.5 255.255.255.0
bridge 100 route ip
The problem here is: I can't get the IP from BVI100 to work correctly in VLAN100. That is, I can't reach it anywhere from VLAN100. This happens in spite of the fact that the SSID (config not shown, it's a Dot11Radio0.100 subinterface with the corresponding bridge-group 100 attached) works perfectly fine.
In my tests I found if I configure the IP in BVI1 (Vlan1), it's reachable. Just in this case the VLAN 1 is not the VLAN I'd like the management IP to be.
Is there some additional bridge-group config missing? I wouldn't know which, as I see no difference to bridge-group 1, where it would work. The only difference is that VLAN 1 is bridged natively via the internal data-link, whereas VLAN 100 is tagged. As I said, WLAN over these SSIDs/VLANs works as expected.
Thanks,
Florian

OK thanks, I will look into that.
Do you perhaps also have an idea why I can't connect via the internal console port, if I have connected to the router previously via VTY?
router#wlan service-module wlan-ap 0 session
router#connect 172.22.2.1 2002
Trying 172.22.2.1, 2002 ...
% Connections to that host not permitted from this terminal
Thanks,
Florian

Cisco CP Is not Run Cisco Router 887

Hi,
I have installed CCP in my PC Windows 7 for best administration of my device Cisco Router 887, but when i open CCP, this Application say me the following.
Cisco Confguration Professional requires Adobe Flash Player 10 or adove.
I have installed Flash Player 12, but the application saying the same.
I need your help, please.
Regards

Try using Chrome or Firefox. Safari will also work.
Do not attempt to use Internet Exploder.

Strange issue - unable to establish PPP with Cisco 887 VAG router on one particular ADSL line

I have a strange problem that I’m struggling to get to the bottom of with my ISP and wondered if anyone could help.
We have a site with an older Cisco 877 ADSL router which was working happily until a few weeks ago when the connection dropped suddenly (out-of-hours at 2am if that’s of any significance – made me think most likely something carrier/ISP related?)    When connectivity was lost, the router could sync with the BT exchange (we are in the UK) but could not establish PPP.
We logged fault with our ISP – after some to’ing and fro’ing, they passed it onto BT and their engineers visited site, they fixed “a line fault” (we don’t get much detail on what was actually fixed) but we still could not establish connectivity – same thing, solid CD light but no PPP.
So, we replaced the router with another 877 – same again, solid CD but no PPP. We replaced all the cables and microfilter etc but no difference.
We tried a different Cisco router (a newer Cisco 887VAG) which, as I understand, uses a different modem chipset but no matter – PPP could still not be established. We tested this router on another ADSL line with the same ISP and it worked without issue, using the same ADSL account details, it was able to establish connectivity. So we figured this must still be a BT/ISP issue.
Since then we’ve had BT out again twice but they say there is no fault. The ISP say there is no issue with them. But we still cannot establish ADSL connectivity on this line, despite having tried 3 different ADSL routers and despite the fact the routers work with the same account details on another ADSL line.
The 887VAG router we have currently connected has 3G backup so that is keeping us going in the meantime and also means I can login to the router remotely to check on the ADSL status.
But I’m struggling to pinpoint where the problem may lie.   Strangely, if I turn on PPP negotiation and authentication debug then I’m not actually seeing any output from it at all?
Yet, the ATM interface is up and shows packets being sent and received:
ATM0 is up, line protocol is up
Hardware is MPC ATMSAR, address is bc16.6596.9b00 (bia bc16.6596.9b00)
MTU 1600 bytes, sub MTU 1600, BW 704 Kbit/sec, DLY 520 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Keepalive not supported
Encapsulation(s): AAL5
4 maximum active VCs, 1024 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input 00:00:28, output 00:00:07, output hang never
Last clearing of "show interface" counters 6d23h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     23886 packets input, 1676964 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     56469 packets output, 4418592 bytes, 0 underruns
     0 output errors, 0 collisions, 6 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
Does anyone have any ideas on where the problem may be and what more I can do to troubleshoot and provide the relevant evidence to our ISP (assuming it is an ISP/BT issue though the fact the same router works ok with the exact same details etc would seem to indicate it must be their issue!)

Hi Jody,
thanks for the suggestions. Here's what I see from the ppp debugs (but I'm not sure how to interpret?)
Jan 6 14:50:22.838: pppoe_send_padi:
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 FF FF
FF FF FF FF BC 16 65 96 9B 00 88 63 11 09 00 00
00 10 01 01 00 00 01 03 00 08 0C 00 00 01 00 00
04 A3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:50:22.878: PPPoE 0: I PADO R:0030.8810.000b L:bc16.6596.9b00 0/38 ATM0.1
contiguous pak, size 71
BC 16 65 96 9B 00 00 30 88 10 00 0B 88 63 11 07
00 00 00 33 01 03 00 08 0C 00 00 01 00 00 04 A3
01 02 00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73
2D 62 61 73 2D 42 32 32 36 45 34 37 30 39 45 30
31 34 5A 01 01 00 00
Jan 6 14:50:24.885: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:35.125: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:45.364: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:55.603: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:05.843: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:16.114: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:26.353: [0]PPPoE 0: O PADT R:0000.0000.0000 L:0000.0000.0000 0/38 ATM0.1
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 00
00 00 00 00 00 00 00 00 00 00 88 63 11 A7 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:51:46.576: pppoe_send_padi:
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 FF FF
FF FF FF FF BC 16 65 96 9B 00 88 63 11 09 00 00
00 10 01 01 00 00 01 03 00 08 0C 00 00 01 00 00
04 A3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:51:46.608: PPPoE 0: I PADO R:0030.8810.000b L:bc16.6596.9b00 0/38 ATM0.1
contiguous pak, size 71
BC 16 65 96 9B 00 00 30 88 10 00 0B 88 63 11 07
00 00 00 33 01 03 00 08 0C 00 00 01 00 00 04 A3
01 02 00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73
2D 62 61 73 2D 42 32 32 36 45 34 37 30 39 45 30
31 34 5A 01 01 00 00
Provider wouldn't have bumped us from ADSL to VDSL - but here's the output of show controller vdsl 0:
Controller VDSL 0 is UP
Daemon Status: Up
XTU-R (DS) XTU-C (US)
Chip Vendor ID: 'BDCM' 'IFTN'
Chip Vendor Specific: 0x0000 0x71C8
Chip Vendor Country: 0xB500 0xB500
Modem Vendor ID: 'CSCO' ' '
Modem Vendor Specific: 0x4602 0x0000
Modem Vendor Country: 0xB500 0x0000
Serial Number Near: FCZ1111C08V C887VAG 15.2(4)M
Serial Number Far:
Modem Version Near: 15.2(4)M
Modem Version Far: 0x71c8
Modem Status: TC Sync (Showtime!)
DSL Config Mode: AUTO
Trained Mode: G.992.1 (ADSL) Annex A
TC Mode: ATM
Selftest Result: 0x00
DELT configuration: disabled
DELT state: not running
Trellis: ON ON
SRA: disabled disabled
SRA count: 0 0
Bit swap: enabled enabled
Bit swap count: 1 8
Line Attenuation: 54.5 dB 31.5 dB
Signal Attenuation: 54.5 dB 0.0 dB
Noise Margin: 6.7 dB 11.0 dB
Attainable Rate: 2132 kbits/s 888 kbits/s
Actual Power: 16.7 dBm 12.7 dBm
Total FECC: 546 0
Total ES: 6 0
Total SES: 0 0
Total LOSS: 0 0
Total UAS: 486 486
Total LPRS: 0 0
Total LOFS: 0 0
Total LOLS: 0 0
Full inits: 14
Failed full inits: 1
Short inits: 0
Failed short inits: 1
Firmware Source File Name (version)
VDSL user config flash:vdsl.bin-A2pv6C035d_d23j (10)
Modem FW Version: 110802_1752-4.02L.03.A2pv6C035d.d23j
Modem PHY Version: A2pv6C035d.d23j
Vendor Version:
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 1664 0 704
SRA Previous Speed: 0 0 0 0
Previous Speed: 0 1600 0 736
Total Cells: 0 2786872 0 0
User Cells: 0 68 0 0
Reed-Solomon EC: 0 546 0 0
CRC Errors: 0 9 0 0
Header Errors: 0 10 0 0
Interleave (ms): 0.00 8.00 0.00 8.00
Actual INP: 0.00 1.12 0.00 1.28
Training Log : Stopped
Training Log Filename : flash:vdsllog.bin
And here's the output from the ATM and dialer interfaces:
interface ATM0
no ip address
ip flow ingress
no atm ilmi-keepalive
end
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/38
pppoe-client dial-pool-number 2
end
interface Dialer2
description OUTSIDE
ip address negotiated
ip access-group firewall in
ip mtu 1492
ip flow ingress
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap callin
ppp chap hostname ###removed###
ppp chap password ###removed###
no cdp enable
crypto map dcvpn
end
As I say though, config-wise, everything should be correct - the same router works fine on another line (which should also confirm the authentication details are correct - at least in as far as it matches what the ISP have on their RADIUS)
Any further thoughts?

Cisco router interface threshold

Hello,
I have a question about getting threshold information out of a specific interface. I have a customer with DSL on a cisco 887 router.
This customer has 2 different pvc's on the ATM0 interface, 2 dialer's (1 for voice, one for data) 2 vlan's (1 for voice, one for data).
What I would like is that the cisco router wil send me a message that only the voice dialer or voice vlan has exceeded it's threshold limit.
I can configure this with the "rmon alarm" command, but then it isn't specific for the voice dialer, it gives me info on both the dialers.
I also tried it with SNMP traps, but this isn't "real-time"
Does anyone know if there is a different solution to solve this?

Sorry, small mistake :-)
Heres my configuration:
event manager applet int-rate-test
event interface name Dialer1 parameter receive_rate_bps entry-op gt entry-val 110000 entry-type rate exit-op lt exit-val 50000 exit-type rate average-factor 1 poll-interval 1
snmp-server community G***** RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps envmon
snmp-server enable traps c3g
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps mac-notification
snmp-server enable traps energywise
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bfd
snmp-server enable traps memory bufferpeak
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps cpu threshold
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps pw vc
snmp-server enable traps firewall serverstatus
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host *.*.*.30 G****
interface Dialer1
description tbv Internet KPN-lijn
ip address negotiated
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname test-vdsl-inet
ppp chap password 7 051F031C3501580D0A095A1B050910
ppp pap sent-username test-vdsl-inet password 7 111D1C16035F1D081726662D263621
no cdp enable
When I download something from the internet it only shows the interface bandwidth usage stats every 5min. I'm not getting any event messages to my Zenoss server that a threshold has been reached or anything like that.
I have attached a file with the results.

Cant ping behind cisco router (site2site vpn)

Dears;
After configure site to site vpn between cisco router and fortigate firewall,
site A : 10.0.0.0/24     behind fortigate
site B: 10.10.10.0/24 behind cisco router
the tunnel is up and I can ping 10.0.0.1 from site B and can ping 10.10.10.1 from site A but I cant ping any ip inside 10.0.0.0/24 form site B or network 10.10.10.0/24 from site A
my cisco router configuration is
Current configuration : 2947 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
boot-start-marker
boot-end-marker
enable secret 4 EE103as6FtdocdBefpgugX6P9eGaDKDyBvwz7AywH5Q
no aaa new-model
memory-size iomem 10
clock timezone cairo 2 0
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 192.168.16.1
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool GUEST
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 8.8.4.4
ip cef
controller VDSL 0
ip ssh version 2
crypto isakmp policy 10
encr aes
hash sha256
authentication pre-share
group 5
crypto isakmp key 6 *********** address 4.x.x.x no-xauth
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
crypto map kon-map 10 ipsec-isakmp
set peer 4.x.x.x
set transform-set myset
set pfs group5
match address 105
interface Ethernet0
no ip address
no fair-queue
interface ATM0
no ip address
ip mtu 1452
ip tcp adjust-mss 1452
no atm ilmi-keepalive
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan2
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map kon-map
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 100 deny   ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
access-list 105 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
banner motd ^C^C
end
when ping from cisco router
konsuler#ping 10.0.0.27 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.27, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
Success rate is 0 percent (0/5)
help please

Thank you karsten
I can ping interface of router from remote site but cant ping any device behind the router and can ping firewall interface but cant ping any device behind the firewall
-counters in
# sh crypto ipsec sa
increased only while ping 10.0.0.1 or 10.10.10.1 from both sides
r#show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer1
Uptime: 00:03:12
Session status: UP-ACTIVE
Peer: 4.x.x.x port 500 fvrf: (none) ivrf: (none)
      Phase1_id: 4.x.x.x
      Desc: (none)
IKEv1 SA: local 6.x.x.x/500 remote 4.x.x.x/500 Active
          Capabilities:(none) connid:2001 lifetime:22:39:59
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.0.0.0/255.255.255.0
        Active SAs: 2, origin: crypto map
        Inbound: #pkts dec'ed 9 drop 0 life (KB/Sec) 4605776/3407
        Outbound: #pkts enc'ed 14 drop 0 life (KB/Sec) 4605775/3407

Not able to telnet or ssh to outside interface of ASA and Cisco Router

Dear All
Please help me with following question, I have set up testing lab, but still not work.
it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
Hub -- Juniper SRX
Spoke One - Cisco ASA with version 9.1(5)
spoke two - Cisco router with version 12.3
site to site vpn has been successful established. Customer would like to telnet/ssh to spoke's outside ip from Hub(using Hub's outside interface as source for telnet/ssh), or vise versa. Reason for setting up like this is they wants to be able to make configuration change even when site to site vpn is down. Sound like a easy job to do, I tried for a long time, search this forum and google too, but still not work.
Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
When I tested it, of cause site to site vpn still up and running.
Thanks
YK

Hello YK,
On this case on the ASA, you should have the following:
CConfiguring Management Access Over a VPN Tunnel
If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
To specify an interface as a mangement-only interface, enter the following command:
hostname(config)# management access management_interface
where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
You can define only one management-access interface
Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
SSH
- ssh 0 0 outside
- aaa authentication ssh console LOCAL
- Make sure you have a default RSA key, or create a new one either ways, with this command:
*crypto key generate rsa modulus 2048
Telnet
- telnet 0 0 outside
- aaa authentication telnet console LOCAL
Afterwards, if this works you can define the subnets that should be permitted.
On the router:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname Router
!--- aaa new-model causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name yourdomain.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet and SSH is supported with transport input all
line vty 0 4
transport input All
*!--- Instead of aaa new-model, the login local command may be used.
no aaa new-model
line vty 0 4
login local
Let me know how it works out!
Please don't forget to Rate and mark as correct the helpful Post!
David Castro,
Regards,

Site-to-Site VPN between Cisco ASA 5505 (8.4) and Cisco Router (IOS 15.2)

Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
Please help me to find where is the issue.
I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
Here is my current configuration.
Thanks for your help.
IOS Configuration
version 15.2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco address 198.0.183.225
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
mode transport
crypto map static-map 1 ipsec-isakmp
set peer S2.S2.S2.S2
set transform-set AES-SET
set pfs group2
match address 100
interface GigabitEthernet0/0
ip address S1.S1.S1.S1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map static-map
interface GigabitEthernet0/1
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
ASA Configuration
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.83.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address S2.S2.S2.S2 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network inside-network
subnet 192.168.83.0 255.255.255.0
object network datacenter
host S1.S1.S1.S1
object network datacenter-network
subnet 192.168.17.0 255.255.255.0
object network NETWORK_OBJ_192.168.83.0_24
subnet 192.168.83.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic inside-network interface
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-transform-set mode transport
crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2L_SET mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
crypto map vpn 1 match address outside_cryptomap
crypto map vpn 1 set pfs
crypto map vpn 1 set peer S1.S1.S1.S1
crypto map vpn 1 set ikev1 transform-set L2L_SET
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
group-policy GroupPolicy_S1.S1.S1.S1 attributes
vpn-tunnel-protocol ikev1
group-policy remote_vpn_policy internal
group-policy remote_vpn_policy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
username admin password rqiFSVJFung3fvFZ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool vpn_pool
default-group-policy remote_vpn_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group S1.S1.S1.S1 type ipsec-l2l
tunnel-group S1.S1.S1.S1 general-attributes
default-group-policy GroupPolicy_S1.S1.S1.S1
tunnel-group S1.S1.S1.S1 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f55f10c19a0848edd2466d08744556eb
: end

Thanks for helping me again. I really appreciate.
I don't hve any NAT-exemptions in Cisco IOS Router. Transform-set I will change soon, but I've tried with tunnel mode and it didn't work.
Maybe NAT-exemptions is the issue. Can you advice me which exemptions should be in Cisco IOS Router?
Because on Cisco ASA I guess I have everything.
Here is show crypto session detail
router(config)#do show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
      Desc: (none)
      Phase1_id: (none)
IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
        Active SAs: 0, origin: crypto map
        Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
        Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Should I see something in crypto isakmp sa?
pp-border#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
IPv6 Crypto ISAKMP SA
Thanks again for your help.

Help with Remote access VPN on Cisco router 3925 via Dialer Interface

Hi Everybody,
I need help for my work now, I appreciate if someone can fix my problem.I have a Cisco router 3925 and access Internet via PPPoE link. I want config VPN Remote Access and using software Cisco VPN client. But it doesn't work.. Here my config router :
HUNRE#show running-config
Building configuration...
Current configuration : 5515 bytes
! No configuration change since last restart
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HUNRE
boot-start-marker
boot-end-marker
enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
enable password cisco
aaa new-model
aaa session-id common
crypto pki trustpoint TP-self-signed-1050416327
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1050416327
revocation-check none
rsakeypair TP-self-signed-1050416327
crypto pki certificate chain TP-self-signed-1050416327
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303530 34313633 3237301E 170D3134 30393235 31313534
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353034
31363332 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CC79 74FCFABE 81183B70 5A9F4A53 EB609754 7D5F8587 9150B76E 3207A86E
5B65F9E9 6CDAC21A 6D69221D 1FF61632 14763308 43B2A1CC 8EE5ABAC EF07530E
3F0D35FE F08C955B 60B52B92 F8F54D53 DD6DD623 01F83493 02F9C49A F0C3483D
3B48A008 8D96700E 88924BFE DE00201B DE5965DE 32898CAD 9012AB55 76B6F39B
2D470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14C3418C BC35F3D9 B26B2475 2BB5F826 060525AB B3301D06
03551D0E 04160414 C3418CBC 35F3D9B2 6B24752B B5F82606 0525ABB3 300D0609
2A864886 F70D0101 05050003 81810070 AC7C26C6 4606A551 1A3FD6C5 2A5AEAE8
35DAC86E F8885E26 51F6EEAE 7565D3AA D532C8F3 55F6656F D103F38C 8FBDE7F1
83E77143 76469040 7FEA41E8 14963DB3 F7F28EA0 C5F2F42C B186B75C AAB04900
15F9CB38 A16964F5 4E7B4378 35041AA8 AE8EC181 D58D6A62 676E286A 7B9D80E6
35A0B9FB FB76E976 3D2A19D7 006078
        quit
ip name-server 210.245.1.253
ip name-server 210.245.1.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
vpdn-group 2
license udi pid C3900-SPE100/K9 sn FOC1823839B
license boot module c3900 technology-package securityk9
username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
redundancy
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group VPN-HUNRE
key hunre
dns 8.8.8.8
domain hunre
pool IP-VPN
acl 199
max-users 100
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
crypto dynamic-map DYNMAP 1
set transform-set encrypt-method-1
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
interface GigabitEthernet0/1
description FPT
no ip address
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/2
description Connect to CMC
no ip address
ip mtu 1442
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp dns request
crypto map VPN
interface Dialer2
description Logical ADSL Interface 2
ip address negotiated
ip mtu 1442
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1344
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp address accept
no cdp enable
ip local pool IP-VPN 10.252.252.2 10.252.252.245
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
ip nat inside source static 10.159.217.10 interface Dialer1
ip nat inside source list 199 interface Dialer1 overload
ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.159.217.0 255.255.255.0 192.168.1.8
ip sla auto discovery
ip sla responder
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
access-list 10 permit any
access-list 11 permit any
access-list 101 permit icmp any any
access-list 199 permit ip any any
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
transport input all
line vty 5 15
password cisco
transport input all
scheduler allocate 20000 1000
ntp master
end
However, I cannot ping interfac Dialer 1. I using Cisco vpn client software ver 5.0.07.0290.
Hopeful for your answers !
Thanks

Hi David Castro,
Thanks for your answer,
I configed following your guide, but it have not worked yet. I saw that I cannot ping IP gateway Internet . I using ADSL Internet and config PPPoE and my router receive IP from ISP. Here show ip int brief :
GigabitEthernet0/0         192.168.1.1     YES NVRAM up                    up
GigabitEthernet0/1         unassigned      YES NVRAM up                    up
GigabitEthernet0/2         unassigned      YES NVRAM up                    up
Dialer1                    210.245.54.49   YES IPCP   up                    up
Dialer2                    101.99.7.73     YES IPCP   up                    up
NVI0                       192.168.1.1     YES unset up                    up
Virtual-Access1            unassigned      YES unset up                    up
Virtual-Access2            unassigned      YES unset up                    up
Virtual-Access3            unassigned      YES unset up                    up
But I cannot ping Interface Dialer 1, so may be VPN is does not worked. Do you have some ideal ?
Thanks very much !

How to enable GUI for a Cisco 1841?

How to enable GUI for a Cisco 1841?

Hi,
install SDM or CCP on your PC then on the router :
en
conf t
ip dhcp excluded-address 192.168.1.254
ip dhcp pool MYPOOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
ip http server
ip http authentication local
username xxx privilege 15 secret xxxx
int f0/0
ip address 192.168.1.254 255.255.255.0
no shutdown
Regards.
Alain.

Connecting to NME-IPS results in connecting to cisco router itself

Suddenly, without any clear reason, I cannot access the NME-IPS in my router.
Instead it connects to the router console.
The IP address is also pingable.
Output:
gateway#service-module IDS-Sensor 1/0 status
Service Module is Cisco IDS-Sensor1/0
Service Module supports session via TTY line 66
Service Module is in Steady state
Service Module heartbeat-reset is enabled
Getting status from the Service Module, please wait..
Cisco Systems Intrusion Prevention System Network Module
Software version: 7.0(6)E4
Model:             NME-IPS
Memory:            443504 KB
Mgmt IP addr:      192.168.11.99
Mgmt web ports:    443
Mgmt TLS enabled: true
gateway#service-module IDS-Sensor 1/0 session
Trying 192.168.11.99, 2066 ... Open
C
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
User Access Verification
Username:

If IME is not connecting, is it giving you some sort of error?
Do you have ASDM launcher loaded? if so, does it also fail to connect?
When you launch IME are you prompted for a password, is that failing on the password entry or does it simply fail to connect to the device?
I have not been able to access my NME via https either, I get a Java error, but I pretty much always use Cisco IME to access my NME module so I have not chased down the Java issue.

How to setup Guest Network Name in Cisco Router

Hello everyone!
The first. Sorry my english =)
I want tald you how to change guest network name in cisco (what have different name)
What we need.
1. Cisco Connect for Mac OSX (i use snow leopard and Cisco Connect for E3000)
2. Terminal
Okay. Let's go.
1. Install Cisco Connect for OSX
2. After setup - slighty setup your cisco router (give something name and password), then, when cisco connect say you "You now connected the internet" and going to main screen - exit from cisco connect
3. Open Terminal (Or you can use Finder (go to Application, show package content Cisco Connect))
4. Go to /Application/Cisco Connect.app/Contents/Resources/lcid/<your setup language, for english - go 1033>/
5. Edit resource_strings.pus (vi resource_strings.pus)
6. Change "-guest" in string <LocalizableString RcFileId='10019' BaseTextHash='0xA65E286D' BaseText='-guest'/> for something what you want. For example, i changed for ' Guest Network'
7. Save
8. Open Cisco Setup
9. Go to router configuration and change desired name. I changed to 'Grizlly Bear'
10. After setup name - go to Guest Setting and Enable. As you can si, your guest network name set as 'Grizlly Bear Guest Network'
11.Exit Cisco Setup
12. Go to web interface setup
13. Setup Wifi manual and change SSID for diferent names. I change 5Gh to 'Grizlly Bear Hi-Speed Network' and 2.4GHz to 'Grizlly Bear Main Network'
14. Setup your hostname for all services (fileserver, media server, etc)
Woala!
We have three diferent names network!
Questions?

In order to enable Guest networking, the AirPort Extreme must be configured as your "main" Internet router. In this configuration, Connection Sharing = Share a Public IP address. The Extreme would be connected directly to the Internet modem and NOT downstream of another router with NAT enabled.
In this configuration, the Guest network would provide access ONLY to the Internet and NOT to your LAN.

L2tpv3 dialing from cisco router

I have requirement where customer wants ip dialing to LNS from cisco router with the help of l2tpv3.
Could anyone tell me how to configure this.
regards
shivlu jain

Hello Shivlu,
in one of our routers the backup link is configured in this way
pseudowire-class netvision-l2tp
encapsulation l2tpv2
interface Virtual-PPP1
description NETVISION DIALER
ip address negotiated
ip nat outside
ip virtual-reassembly
no cdp enable
ppp pap sent-username password 0 41003827
pseudowire x.x.x.x 2 pw-class netvision-l2tp
crypto map VPN_MAP
where x.x.x.x is a public ip address
ip route x.x.x.x 255.255.255.255 g0/1
completes this solution where this g0/1
sh run int gi0/1
Building configuration...
Current configuration : 157 bytes
interface GigabitEthernet0/1
description CONNECTION TO CABLE MODEM
ip address dhcp
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
end
and it receives a private ip address from DHCP on a cable modem access network.
but it uses l2tpv2 not L2tpv3 and I've always seen l2tpv2 in this context.
Hope to help
Giuseppe

Curious message during activation of snmp traps in cisco router 2800

I activated snmp traps in cisco router 2800 (I didn't specify a set of them, so all of them were activated). The thing is, when i configure "snmp-server enable traps", appears a message in the next line :
" %Cannot enable both sham-link state-change interface traps.
%New sham link interface trap not enabled "
Anyway, traps are activated and are completely functional.
I would like to know, why this message appears... and also what is the difference between informs and traps, because I can activate both of the in a router to be sent to the network admin pc.
Thanks in advance.

Hi Marcelo,
the snmp-server enable traps command enables just all types of traps that the IOS version supports.
The message apperes because of this two, which are mutually exclusive:
R1(config)#snmp-server enable traps ospf cisco-specific state-change shamlink interfaceR1(config)#snmp-server enable traps ospf cisco-specific state-change shamlink interface-old% Cannot enable both sham-link state-change interface traps.% Deprecated sham link interface trap not enabled.
It's recommended to only enable the traps you really need.
Informs were introduced with SNMPv2, and they have the same format and purpose as traps.
The main difference is that traps are send in a hit-or-miss fashion whereas informs expect an acknowledge and will be re-send if unacknowledged.
Hope that helps
Rolf

Cisco router T1 gw voip Radius Radiator

All
I got a cisco router and want to output the radiator,
however I found that the /cgi-bin/radacct.cgi , each call record had generate 4 records...
What is the best method for me to take the one.
00000572 27 Sep 2004 16:39:21 0:00:00 3101 3200 156 80
00000572 27 Sep 2004 16:39:26 0:00:00 3101 3200 156 80
00000572 27 Sep 2004 16:39:31 0:00:00 3101 3200 156 80
00000576 27 Sep 2004 16:39:32 0:00:00 3111 3141 157 80
00000572 27 Sep 2004 16:39:36 0:00:00 3101 3200 156 80
00000576 27 Sep 2004 16:39:37 0:00:00 3111 3141 157 80
00000576 27 Sep 2004 16:39:42 0:00:00 3111 3141 157 80
00000576 27 Sep 2004 16:39:47 0:00:00 3111 3141 157 80

Thanks for the link Calvin.
I actually got it to work by just old fashion trial and error. Turned out to be two things:
Microsoft 2008 R2 NPS>Policies>Network Policies>" Wireless Policy I created">Authentication Methods.... CHAP had to be enabled.
Microsoft 2008 R2 NPS>Policies>Network Policies>" Wireless Policy I created">conditions..... delete the friendly name I read I needed to create. This "various RADIUS Clients was not so important to us" (will make sense if you follow link)
I mainly used this link for anyone interested:
http://www.darylhunter.me/blog/2010/06/cisco-ios-fu-7-cisco-radius-windows-server-2008-nps.html

Enabling 4G sim on Cisco router 887 VAG - 4G

Similar Messages

Maybe you are looking for